From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 95F543783CC for ; Mon, 29 Jun 2026 09:25:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.41 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782725152; cv=none; b=grFrp10HwvNatxeqNkt6kLgvzj1btnjk+963uI8Ov7BYSovXfpMYRrXXvcrfI1OgJqDK048WXkMmFI2FVCNGDuEMyItLKKyosEQwaxlnQDUFTQcD4zs6ysWluOz8/vIObA94FgTdZI6kci0d5Qc600sHAh48sw+ypyjVxI10KNM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782725152; c=relaxed/simple; bh=bwnmgqddSsR2yWJdg4y/ToBDVUT0ZwX4H8eihcGW/7Y=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=hrqNKTrnaG0fUlgueGi0fnsXcN9TJg0+rgb12jL1a0CGOGC7LdiUeNAO+V8/2iBvzfFEwGx5Ev/ASrArWrwQvs1o277pdxnUHP86OBSK4TbEflfLC3P9ovmtR310sx1lBpC0BGTa2L3IomEu7qOyTaqITqXe2wdVIJlysPbBd7I= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=riscstar.com; spf=pass smtp.mailfrom=riscstar.com; dkim=pass (2048-bit key) header.d=riscstar-com.20251104.gappssmtp.com header.i=@riscstar-com.20251104.gappssmtp.com header.b=CavymvKe; arc=none smtp.client-ip=209.85.128.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=riscstar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=riscstar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=riscstar-com.20251104.gappssmtp.com header.i=@riscstar-com.20251104.gappssmtp.com header.b="CavymvKe" Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-49319ebb3a9so11260445e9.3 for ; Mon, 29 Jun 2026 02:25:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=riscstar-com.20251104.gappssmtp.com; s=20251104; t=1782725148; x=1783329948; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=sCJ+3VriZa2HDxVFuhLXbhDbJmzauFoiNJi8rwd7lTU=; b=CavymvKe3FOe6BG/PaMybIL6ptrZOn7WEWqyqVeeuSmM98Oq5wbELprt2nNTO+1Av9 GxWTIjildYjMhUFBYpch5NELjumKZRw2M07x2CD4rZDHgUnJjK0+hXstKH1RQsUYAlSQ uW75OrqX6u49quAcAhXUsDMja2NX+GLbWitnDb+xUIRAHWldcWZODQFATXH/B1gqTCx0 b59xwBFPXSpVXTR2b+MTl8XJyWjinE7FkwCX/ehPX0lgcMbZ9gbfZeGShw1M1MG62T38 3/KS2i0hX5zK5KMCav+llED7+3LjaLKQ5f2DYtgTzSH11xnPjyoSJqbFmmlIPWFiGklk ZTew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782725148; x=1783329948; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sCJ+3VriZa2HDxVFuhLXbhDbJmzauFoiNJi8rwd7lTU=; b=QJydd4LfykMxH7K57wzMjcFaAJy49FrNPvp7NG0S3WZfcehdoXSeA/ji0z0aYhslZ6 oAVMePEbC8Hk1V3nNVvWIUZEilxDmFXNF0qsg3K8wb93ofs84/BtyCjB9rRQDX+UXjyd zeJXLMEukwh+q7nt6enXjyDACjey1not2FEA/h1p4woPOxvH2BBcw+9eipjXTZVKF+OH DNsxMp5SQETwUkTHRTtqfAtIbiL2C/a5S4lknh8O2oVoNZGt/FwebFL82c4NiQWK1t5E tagdL2hUaTq4hU2Z0rDriCHabuLUGijfif/OTpB1Jtrbj7sElNWkdRR6/l+QKpL6Sc7h Mv2A== X-Forwarded-Encrypted: i=1; AFNElJ/cEVTlOKpigf322BMwWPo0Dgsf9LxJwQjZUQFXd8VoGGHxjSYi0ZN0BcWEKg7KcnXLVa8lipuIdF3oP7s=@vger.kernel.org X-Gm-Message-State: AOJu0YxwkdHxkaXnk9Wrg968qE6vMZQVFwFSDTSVCQnkXWDqV/M3oNLN tHFS8nzuVm4ZdL4uRTKVq0aEektPOgy2cLKAz3j2uxKn6S/fF47clj4wO92iVq0uclY= X-Gm-Gg: AfdE7clflNUPKGapB2CNCtQMEFicfZJmdkticFI0dYEmDqWrCIpJgsj0r8bSWKEbF4v vfdnuellL3SU9yHiFJJOfO6w1HIbaYwpOvRZl6bfFD9JPJhFoIKk27oSXrx6woQanDfXlbp0Ck4 FH3g7JRIsBL6JiS3jytuKazlgObAVhD53lmNtfX+YCs2amm1miCUQ1WIQdcw0YES1g9xeXHDgp0 IlLwahrZwHrn+wYBeCEDAZXPRe4YXo2Nt2dINpokiu5B6+JUegcD+B+8quksUKpRvKpTyyY75xP SDS7LIP5AeqlcLYhbo4kcDs4wmzBRXDn2v2AqWLfImPqyw2OIL67u8RUy9AF3qYzn0nMll6FqLi LTd+YAD8qKZeifrhyRAw/k+fm8gkDDMEgkxFYKOMocByZFV9PVYGkdKrToC8eDY83pij/RHThF+ 2P8MfQDekm32e7UaV79vFmoqZX8Qd+b7e3k4A8Qf4n8d5KsQE+qVuYE3h0vau0sM6N+QCCVA/qs UMaKOHqa5aLFqGzX56rrZSuOy9b4cxApZFHMEjB9WMF0Lpzspr1mLPNMTw8ri2O4sp0VZyDrQ== X-Received: by 2002:a05:600c:1392:b0:492:488c:f630 with SMTP id 5b1f17b1804b1-492668b6847mr266804345e9.34.1782725147829; Mon, 29 Jun 2026 02:25:47 -0700 (PDT) Received: from aspen.lan (aztw-34-b2-v4wan-166919-cust780.vm26.cable.virginm.net. [82.37.195.13]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493adf3d98fsm69281375e9.8.2026.06.29.02.25.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jun 2026 02:25:47 -0700 (PDT) Date: Mon, 29 Jun 2026 10:25:45 +0100 From: Daniel Thompson To: David Laight Cc: Kees Cook , linux-hardening@vger.kernel.org, kgdb-bugreport@lists.sourceforge.net, linux-kernel@vger.kernel.org, Arnd Bergmann , Arnd Bergmann , Daniel Thompson , Greg Kroah-Hartman , Jason Wessel Subject: Re: [PATCH v2 next] drivers/misc/kgdbts: Replace strlen() strcpy() pair with strscpy() Message-ID: References: <20260626083821.2981-1-david.laight.linux@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260626083821.2981-1-david.laight.linux@gmail.com> On Fri, Jun 26, 2026 at 09:38:21AM +0100, David Laight wrote: > Use the result of strscpy() for the options overflow check, > if too long delete the config string. This still seems like very little information for future adventurers to go on. IIUC you are setting config[0] = 0 because that puts the string back as it was before the strscpy() altered it by writing in a truncated value? And that is based on the assumption that config is still zero-filled when kgdbts_option_setup() runs? If that's why this code was added then explain that rather than explaining what it does. Also, if that really is the rationale then would strlen()/memcpy() be cleaner? That way you would never write a bad value into config in the first place. Daniel. > Use two argument strscpy(config, kmessage) to ensure no overflow. > > Signed-off-by: David Laight > --- > > v2: Note that an overlong config string gets deleted. > > This is one of a group of patches that remove potentially unbounded > strcpy() calls. > > They are mostly replaced by strscpy() or, when strlen() has just been > called, with memcpy() (usually including the '\0'). > > Calls with copy string literals into arrays are left unchanged. > They are safe and easily detected as such. > > The changes were made by getting the compiler to detect the calls and > then fixing the code by hand. > > Note that all the changes are only compile tested. > > Some Makefiles were changed to allow files to contain strcpy(). > As well as 'difficult to fix' files, this included 'show' functions > as they really need to use sysfs_emit() or seq_printf(). > > All the patches are being sent individually to avoid very long cc lists. > Apologies for the terse commit messages and likely unexpected tags. > (There are about 100 patches in total.) > > drivers/misc/kgdbts.c | 9 ++++----- > 1 file changed, 4 insertions(+), 5 deletions(-) > > diff --git a/drivers/misc/kgdbts.c b/drivers/misc/kgdbts.c > index 9d3218330f0a..2c8f10b8ac74 100644 > --- a/drivers/misc/kgdbts.c > +++ b/drivers/misc/kgdbts.c > @@ -1069,11 +1069,10 @@ static void kgdbts_run_tests(void) > > static int __init kgdbts_option_setup(char *opt) > { > - if (strlen(opt) >= MAX_CONFIG_LEN) { > + if (strscpy(config, opt) < 0) { > + config[0] = 0; > printk(KERN_ERR "kgdbts: config string too long\n"); > - return 1; > } > - strcpy(config, opt); > return 1; > } > > @@ -1144,7 +1143,7 @@ static int param_set_kgdbts_var(const char *kmessage, > > /* Only copy in the string if the init function has not run yet */ > if (configured < 0) { > - strcpy(config, kmessage); > + strscpy(config, kmessage); > return 0; > } > > @@ -1153,7 +1152,7 @@ static int param_set_kgdbts_var(const char *kmessage, > return -EBUSY; > } > > - strcpy(config, kmessage); > + strscpy(config, kmessage); > /* Chop out \n char as a result of echo */ > if (len && config[len - 1] == '\n') > config[len - 1] = '\0'; > -- > 2.39.5 >